China Attacks, Backdoors, Wi-Fi Worms, and other predictions for 2017
December 2016 by F-Secure
2017 is nearly here. People are looking ahead to the new year. And for cyber security experts, this inevitably involves thinking about what threats we’ll all have to contend with in the near future.
The possibilities might seem incalculable. But experts know the past always offers clues about what attackers are focusing their attention on. Bad software launched one year becomes a target the next. New insecure devices become security risks. And so on.
So if you’re the betting type, here’s where you should put your money in 2017.
“China will increase cyber espionage ops in the United States”
Russia and their cyber espionage capabilities made headlines in 2016 thanks to their perceived involvement in the recent US presidential election. But China, and the prospect of them using cyber attacks to dig up dirt on the incoming administration, are the threat actors the US needs to start worrying about.
It wasn’t too long ago that everyone was upset about China. The Office of Personnel Management hack disclosed in 2015 was reported to affect as many as 14 million people. It was enough for Obama to push back against China on cyber security matters. But the new administration seems to be blissfully unaware as to how and why nation-states use cyber attacks to develop their political interests.
For example, the incoming national security advisor apparently once had an unauthorized internet connection installed in the Pentagon, basically eliminating the “air gap” used to safeguard one of the US’ most important national security centers. Stuff like this makes Michael Flynn a cyber attack victim waiting to happen. As for motive, a normal presidential transition would attract China’s attention, as they would like to catch “sneak peeks” or a “behind the scenes look” at the policies and positions of the incoming administration. But this wasn’t a normal election. Trump and his political network have been causing controversy throughout the campaign. Pulling that thread by digging up non-public dirt can help China gain leverage over Trump’s team, and actually unravel initiatives, policies, and positions that might run counter to their interests. And China has the motives and capabilities to make this happen in 2017.
Sean Sullivan, Security Advisor
“We’ll see more DDoS attacks from the Internet of Things”
The Mirai attacks against Dyn seemed to take many people by surprise. I think the shock value of the attack, which is how I interpreted the massive amount of media coverage the attacks generated, is a by-product of people either misunderstanding or underestimating the threat posed by the proliferation of insecure IoT devices.
All new technologies enter this phase where early adopters begin using them in ways not foreseen by original manufacturers. IoT devices are in this part of their adoption cycle. We’re seeing certain “design flaws” that aren’t apparent when testing these products in a lab or under controlled testing conditions. That’s why we saw one company recall their webcams in the wake of the Dyn hack. They realized that the security flaw in that particular model was something that could be used by hackers, which wasn’t something they considered when designing the device.
So I definitely think IoT devices will increasingly be used for Denial of Service attacks through 2017. But the good news is that I don’t think the problem will escalate beyond DDoS stuff until 2018, when we’ll probably see hackers working to attack device owners through their IoT gadgets. That gives the cyber security industry, regulators, and device manufacturers time to work together to protect the smart environments we’re creating.
Mika Stählberg, Chief Technology Officer
“The backdoor debate will eat through Europe”
Cryptography is one of the few counterweights to the security risks entrenched in the digital infrastructure we rely on today. It’s a cornerstone of security used to protect the information we entrust to digital environments. By using cryptographic means to safeguard information that’s stored or transmitted digitally, people can trust that their information stays safe from the prying eyes of spies, criminals, and even companies.
Unfortunately, not everyone appreciates the benefits this type of security has for individuals, companies, and society. In recent years, governments have been exploring ways to essentially weaken the ability of IT companies to use cryptography. Apple’s spat with the FBI over encrypted iPhones is probably the best example of how policy makers and IT companies clash over this issue. A more significant (and recent) example is the approval of the so-called “Snoopers’ Charter” in the UK.
In 2017, we’ll see a revitalized push for IT companies to accommodate surveillance needs by weakening the security of their products and services. Politicians in different European nations will follow France’s lead and discuss legal and technical ways to give governments the capability to monitor people’s digital activities. Proponents of these types of regulatory initiatives will clash with those who believe sacrificing security measures such as cryptography will increase everyone’s exposure to cyber crime, foreign intelligence gathering, government persecution, and more. I’ve testified in front of governments about these issues in the past. And I expect to do so again in 2017.
Erka Koivunen, Chief Information Security Officer
“Someone will create the first Wi-Fi worm”
2016 saw some developments with internet-of-things security that I think give some clues about how the threat landscape will shape up next year. The destructive capabilities of botnets and DDoS attacks certainly became more apparent. I think Mirai really highlighted the potential value of targeting internet-connected devices like IoT products and routers, and I think we’ll see this trend continue next year.
Specifically, I think we might see the creation of “Wi-Fi worms” – a type of malware that could quickly spread through an urban area by using Wi-Fi to infect routers. Basically, an infected device would contain code that attempts to copy itself to routers via Wi-Fi connections. Once a router becomes infected, the worm then attempts to find and replicate itself to more routers. It could be Now, I don’t necessarily foresee this being something used in attacks. It may be something developed as a proof-of-concept by researchers. But we’ve seen more attention being paid to routers and non-PC devices in the past few years. A Wi-Fi worm is a logical extension of what we’ve seen with Mirai, and I think current technologies and tactics have put this within reach.
Sean Sullivan, Security Advisor
“Man and machine will dominate cyber security”
Commodity malware is becoming less effective against the kind of endpoint protection we have nowadays. You might not think that based on some of the terrible security incidents that made headlines in 2016. But it’s true. But it’s not just about malware anymore.
Hackers can take run-of-the-mill, commodified malware and find new and innovative ways to use it. Sometimes this is social engineering their way into an account with a phishing email. Other times they’re able to find servers that have simply been forgotten by IT admins, and then use those as beachheads to penetrate networks.
Combining artificial intelligence and human ingenuity is how the cyber security industry will combat these threats in the future. Tasks like risk analysis, penetration testing, threat assessments, incident response, and forensics can all be innovated by leveraging the benefits of man and machine working together. And we’ll see industry players and even cyber security startups put a lot of focus on growing their expertise with this approach in 2017.
Andy “Cyber Gandalf” Patel, Senior Manager, Technology Outreach